Tess: we're worried about script isolation... iframes... Take a step back and make a holistic review.

[Tess & David

David: smaller breakout with Tess required?

Yves: I sent mail to webappsec working group to ask if they were interested in helping but have not heard anything back.

Peter: schedule breakout time for tomorrow?

David: Will try sometime this week

Tess: This is a big chunk of work. Ideally we can come up with a table of all features, APIs and what their behavior is in terms of capabilities inherited by parent browsing context etc. ... I will schedule time for myself and Rossen to work on this tomorrow.

Rossen: I think Tess and I had a spreadsheet.... did we ever find it? We spent an hour building it in a breakout at some point.

(pinged Tess and got a link to the spreadsheet).

Skipped.

Ran out of time before we got to this.

Discussion about the conceptual overlap between these feature controls and the Spectre/Meltdown mitigations, wondering if the same task force that looks at CO* headers should look at these controls. Ideally maybe a common control layer can be created for authors to enable features that also mitigates Spectre/Meltdown under a layer of abstraction.

we discuss closing this since we haven't made progress

Lea: could it be a principle?

Tess: we are the right group to do this --

Sangwhan: it would take an entire f2f...

Dan: topic for TAG future?

Sangwhan: We have to go through all that's currently available - requires a focussed issue.

Tess: 468 is also similar.....